Wireshark mailing list archives
Re: Trying to decode a TLS 1.3 with null cipher
From: Ahmed Elsherbiny <sherboah () gmail com>
Date: Mon, 4 May 2020 15:12:50 -0700
Hello Peter,

First of all, thank you again for creating the patch. I did test it and was able to successfully decode some messages. My implementation uses WolfSSL v4.3.0. I hope the patch will be merged in, please let me know if there's any more info you need from my end.

Regards,
Ahmed

On Sat, May 2, 2020 at 3:21 PM Peter Wu <peter () lekensteyn nl> wrote:

> Hi Ahmed,
>
> I have posted a patch at https://code.wireshark.org/review/37034 which should allow you to see the plaintext. However there is a big open question about the draft specification. Can you share some more details on your implementation, in particular which TLS library do you use?
>
> Without more answers, this patch will not be merged.
>
> Kind regards,
> Peter
>
> On Sat, May 02, 2020 at 10:55:07AM -0700, Ahmed Elsherbiny wrote:
>> Wow this is great news, thank you Peter!
>>
>> Regards,
>> Ahmed
>>
>> On Sat, May 2, 2020 at 10:21 AM Peter Wu <peter () lekensteyn nl> wrote:
>>> Hi Ahmed,
>>>
>>> On Fri, May 01, 2020 at 02:10:01PM -0700, Ahmed Elsherbiny wrote:
>>>> Hello,
>>>>
>>>> I've written a dissector for a custom protocol. The dissector works well, and now I'm trying to run the protocol over TLS 1.3.
>>>>
>>>> The cipher suite being used is TLS_SHA256_SHA256 (Code: 0xC0B4). This is a new cipher suite, it is used for integrity and has a null cipher (The payload is actually plaintext). It is still in draft form, here is the document that describes it:
>>>> https://www.ietf.org/id/draft-camwinget-tls-ts13-macciphersuites-05.txt
>>>>
>>>> Looking at the ServerHello packet, Wireshark shows the CipherSuite as Unknown (0xC0B4). Consequently, it does not provide a "Decrypted application data" tab and does not pass the data to my dissector.
>>>
>>> The new cipher name was added in the development build via commit v3.3.0rc0-513-g3e2a837cc0 (https://code.wireshark.org/review/36052). It is not present in the stable build yet.
>>>
>>>> This is what the TLS debug log shows:
>>>
>>> [..]
>>>
>>>> I tried adding the cipher-suite to packet-tls-utils.c and recompiling Wireshark. This is the line that I added, since the document says that Diffie-Hellman is the only key exchange that can be used. I'm not completely sure that I'm using the correct macros - I don't fully understand TLS.
>>>>
>>>>     {0xC0B4, KEX_DH_ANON, ENC_NULL, DIG_SHA256, MODE_GCM }
>>>
>>> This is not correct, TLS 1.3 has a different key exchange (KEX_TLS13) and more changes are needed to ensure that existing TLS 1.3 ciphers do not break while adding support for this new cipher.
>>>
>>> I've created test samples for the two ciphers and posted these at https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16543
>>>
>>> I hope to have a patch available tomorrow.
>>> --
>>> Kind regards,
>>> Peter Wu
>>> https://lekensteyn.nl

___________________________________________________________________________
Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives: https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
mailto:wireshark-dev-request () wireshark org ?subject=unsubscribe
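The thread turns on the cipher suite value carried in the ServerHello (0xC0B4). The following is an added example, not part of the original messages and not Wireshark's code: it pulls the selected suite out of a ServerHello record and reports whether it is one of the draft's integrity-only suites, which is how a capture with plaintext application data can be spotted. The function names are hypothetical, 0xC0B5 (TLS_SHA384_SHA384) is taken from the same draft rather than from the thread, and the ServerHello is assumed to sit unfragmented in a single record.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Integrity-only TLS 1.3 suites: records are authenticated, payload is plaintext. */
const char *integrity_only_suite_name(uint16_t id)
{
    switch (id) {
    case 0xC0B4: return "TLS_SHA256_SHA256";
    case 0xC0B5: return "TLS_SHA384_SHA384";
    default:     return NULL;
    }
}

/* Suite selected by a ServerHello in one TLS record, or -1 if truncated or not one. */
int server_hello_cipher_suite(const uint8_t *rec, size_t len)
{
    if (len < 9 || rec[0] != 22 || rec[5] != 2)   /* handshake / server_hello */
        return -1;
    size_t rec_len = ((size_t)rec[3] << 8) | rec[4];
    size_t hs_len = ((size_t)rec[6] << 16) | ((size_t)rec[7] << 8) | rec[8];
    if (rec_len > len - 5 || rec_len < 4 || hs_len > rec_len - 4 || hs_len < 35)
        return -1;
    /* body: legacy_version(2) random(32) session_id_len(1) session_id suite(2) */
    const uint8_t *body = rec + 9;
    size_t sid_len = body[34];
    if (sid_len > 32 || hs_len < 35 + sid_len + 2)
        return -1;
    return (body[35 + sid_len] << 8) | body[36 + sid_len];
}

/* Constructed sample: 49-byte ServerHello record, zero random, no extensions. */
void make_sample(uint8_t out[49], uint16_t suite)
{
    memset(out, 0, 49);
    out[0] = 22; out[1] = 3; out[2] = 3; out[4] = 44;  /* record header */
    out[5] = 2; out[8] = 40; out[9] = 3; out[10] = 3;  /* handshake hdr, version */
    out[44] = (uint8_t)(suite >> 8);
    out[45] = (uint8_t)(suite & 0xFF);
}

int main(void)
{
    uint8_t rec[49];
    make_sample(rec, 0xC0B4);
    int id = server_hello_cipher_suite(rec, sizeof rec);
    const char *n = id < 0 ? NULL : integrity_only_suite_name((uint16_t)id);
    printf("0x%04X %s\n", (unsigned)id, n ? n : "not integrity-only");
    return 0;
}
```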
Current thread:
- Trying to decode a TLS 1.3 with null cipher Ahmed Elsherbiny (May 01)
- Re: Trying to decode a TLS 1.3 with null cipher Peter Wu (May 02)
- Re: Trying to decode a TLS 1.3 with null cipher Ahmed Elsherbiny (May 02)
- Re: Trying to decode a TLS 1.3 with null cipher Peter Wu (May 02)
- Re: Trying to decode a TLS 1.3 with null cipher Ahmed Elsherbiny (May 04)
- Re: Trying to decode a TLS 1.3 with null cipher Peter Wu (May 04)
- Re: Trying to decode a TLS 1.3 with null cipher Ahmed Elsherbiny (May 05)
- Re: Trying to decode a TLS 1.3 with null cipher Peter Wu (May 07)
- Re: Trying to decode a TLS 1.3 with null cipher Ahmed Elsherbiny (May 02)
- Re: Trying to decode a TLS 1.3 with null cipher Peter Wu (May 02)